(fixing ietf-http-wg address from ietf.org to w3.org)
Perens' response at
http://perens.com/works/ietf/perpass/appropriate-response/01.pdf (not an
internet draft, sigh - alienate your readers before they start!)
commenting on
http://tools.ietf.org/html/draft-farrell-perpass-attack
gives some of the reasons in support of universal encryption not being a
laudable goal.
This is a political problem, not a technical problem. From a technical
perspective, caching static content matters. Trying to figure out problems that
aren't security problems matters. Mandating secure communications for worldwide
http is pretty much the same as mandating secure encrypted email worldwide -
large failure modes, resulting in an inability to communicate. Which is why use
of secure email is not widespread.
As IETF security AD, Farrell's response must always be 'we need more security'
and his draft - everything is an attack - is a reflection of that outlook.
One recent time everything was viewed as an attack was in Digital Rights
Management by content providers. The result of DRM was to impose massive
technical costs and shift the modes of attack on content. If you want to
consider the failure modes of a secured web with secure communications
everywhere, consider the failure modes of DRM. Meanwhile, the content providers
pursued legal remedies as more effective. Is the IETF now advocating a DRM
approach, when legal remedies would be more appropriate?
Any security system or algorithm can be broken; when it is, it is considered
as no longer fit for purposes, unfashionable, and to be discarded. Security is
always raising the bar - e.g. MD5 is no longer secure enough for security
purposes (though still excellent in limited context as a reliability check for
large files), SHA256 may not be strong enough... this is an upgrade cycle that
eventually every implementation steps off, becoming incompatible with the
latest and greatest. And this upgrade cycle will break the web into little
pools of not-compatible-with-latest security as a result. One way to avoid that
cycle is to always permit interoperability without security. (warn as much as
you like, but permit it.)
The benefits of interop testing, less power drain, less complexity, and of
actually being able to communicate if that is desired, are worthwhile. Demand
security everywhere if you like, and treat everything as an attack, just as DRM
did, but, as with DRM, it's a fool's errand.
Lloyd Wood
http://sat-net.com/L.Wood/
________________________________________
From: Ted Lemon [ted(_dot_)lemon(_at_)nominum(_dot_)com]
Sent: 04 December 2013 21:27
To: Wood L Dr (Electronic Eng)
Cc: bruce(_at_)perens(_dot_)com; IETF Discussion; perpass;
ietf-http-wg(_at_)ietf(_dot_)org
Subject: Re: perens-perpass-appropriate-response-01
On Dec 4, 2013, at 4:17 PM, <l(_dot_)wood(_at_)surrey(_dot_)ac(_dot_)uk>
<l(_dot_)wood(_at_)surrey(_dot_)ac(_dot_)uk> wrote:
Universal encryption is not a laudable goal.
Unsupported assertions are not helpful.